Report Finds One-Third of Organisations in France, Germany and UK Do Not Fully Understand Impact of New EU Security Legislation

Survey Shows Most Businesses Not Fully Compliant, Feel Guidelines to Achieve Compliance are Unclear

Reading, UK – January 25, 2015 - FireEye Inc. (NASDAQ: FEYE), the leader at stopping today’s advanced cyber attacks, today published the new report “Mixed State of Readiness for New Cybersecurity Regulations in Europe.” Based on a survey of organisations from the UK, France and Germany, the report found that many organisations in Europe are unprepared for and challenged by cost and complexity of compliance with new European Union (EU) security legislation.

“Mixed State of Readiness” assesses respondents’ understanding and expectations of the proposed Network and Information Security (NIS) and General Data Protection Regulation (GDPR) legislation. The GDPR is currently set to be finalised in early 2015, with compliance becoming mandatory in 2017. The NIS directive – set to be implemented in 2015 – will impose new security and incident reporting requirements on a broader range of private sector companies.

The report also gauges how organisations perceive the scale and importance of the legislation and predicts how organisations in France, Germany and the UK are most likely to prepare themselves for compliance. Based on responses, it concludes that there is a mixed state of readiness at best, with many not understanding the true extent of the potential impact of the legislation.

“The past year has shown that breaches are inevitable as hackers continue to evade security, and the EU directives are an important step toward addressing these threats,” said Richard Turner, VP EMEA, FireEye. “Organisations need to ensure that they have the capabilities to detected, prevent, analyse and respond to breaches in a timely manner. The EU legislation -- both the NIS directive and GDPR -- promotes the adoption of capabilities to respond to and report breaches.  While this is a positive step, organisations need to look beyond the EU directives and be prepared to launch an appropriate and proportionate response to a threat or breach in order to protect shareholder value."

Key findings from the report include:

  • Only 39% of organisations in France, Germany and UK indicated that they have all required measures in place for the NIS directive and less so for GDPR.
  • Only two thirds (66 percent) of respondents believe their organisations fully understand the impact of the new NIS and GDPR regulations.
  • The top concerns associated with serious data breaches and loss of personal information are potential fines (58 percent); damage to reputation (57 percent); and loss of business and/or revenue (58 percent).
  • Over 60 percent of the organisations surveyed believe they are being provided little or no clear guidance on the legislation.
  • 64 percent cited additional expenditure on hardware and software as a challenge, with 23 percent rating this as the single most important barrier to complying with the directives. Other barriers included implementation costs (58 percent) and policy complexity (56 percent).
  • Most organisations (62 percent) expect that members of their own IT department will be tasked with assessing the NIS and GDPR requirements.

“The new EU security and privacy requirements are incredibly important and will greatly increase the security obligations of European organisations,” said Adam Palmer, International Government Affairs Director, FireEye.  “We encourage organisastions of all sizes to adopt mitigation measures that will manage risk stemming from zero-day exploits and never-seen-before malware as these attacks constitute a majority of advanced attacks in today’s threat environment.  However, our research does show that organisations are not fully prepared for the implementation of the legislation, and it is critical these organisations begin preparing now to be in compliance and not be caught unprepared.”

A full version of the report can be found here.

About FireEye, Inc.

FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 2,700 customers across 67 countries, including over 157 of the Fortune 500.

© 2015 FireEye, Inc. All rights reserved. FireEye is a registered trademark or trademark of FireEye, Inc. in the United States and other countries.

Media Contact:
Vitor De Souza
FireEye, Inc.